Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.
lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
secunia.com/advisories/34373
secunia.com/advisories/34667
secunia.com/advisories/34711
secunia.com/advisories/34726
secunia.com/advisories/34729
secunia.com/advisories/34732
secunia.com/advisories/35416
secunia.com/advisories/35559
secunia.com/advisories/35569
security.gentoo.org/glsa/glsa-201412-17.xml
sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
support.avaya.com/elmodocs2/security/ASA-2009-155.htm
wiki.rpath.com/Advisories:rPSA-2009-0060
www.mandriva.com/security/advisories?name=MDVSA-2009:095
www.mandriva.com/security/advisories?name=MDVSA-2009:096
www.redhat.com/support/errata/RHSA-2009-0420.html
www.redhat.com/support/errata/RHSA-2009-0421.html
www.securityfocus.com/archive/1/502757/100/0/threaded
www.vupen.com/english/advisories/2009/1708
bugzilla.redhat.com/show_bug.cgi?id=491853
exchange.xforce.ibmcloud.com/vulnerabilities/50381
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11207
usn.ubuntu.com/757-1/
www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html
www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html
www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html
www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html